Total
2944 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0117 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-8.0. Android ID: A-151155194 | | | | | |
| CVE-2020-0086 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to arbitrary code execution if IntSan were not enabled, which it is by default. No additional execution privileges are required. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-131859347 | | | | | |
| CVE-2020-0068 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-139354541 | | | | | |
| CVE-2019-9959 | 4 Debian, Fedoraproject, Freedesktop and 1 more | 7 Debian Linux, Fedora, Poppler and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. | | | | | |
| CVE-2019-9930 | 1 Lexmark | 142 6500e, 6500e Firmware, C734 and 139 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Various Lexmark products have an Integer Overflow. | | | | | |
| CVE-2019-9865 | 1 Windriver | 1 Vxworks | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. | | | | | |
| CVE-2019-9421 | 1 Google | 1 Android | 2024-11-21 | 1.9 LOW | 5.0 MEDIUM |
| In libandroidfw, there is a possible OOB read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111215250 | | | | | |
| CVE-2019-9420 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libhevc, there is a possible out of bounds read due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111272481 | | | | | |
| CVE-2019-9405 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112890225 | | | | | |
| CVE-2019-9357 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112662995 | | | | | |
| CVE-2019-9311 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is a possible crash due to an integer overflow. This could lead to remote denial of service on incoming calls with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-79431031 | | | | | |
| CVE-2019-9310 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112891546 | | | | | |
| CVE-2019-9308 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112661742 | | | | | |
| CVE-2019-9307 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112661893 | | | | | |
| CVE-2019-9306 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112661348 | | | | | |
| CVE-2019-9305 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112661835 | | | | | |
| CVE-2019-9304 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112662270 | | | | | |
| CVE-2019-9303 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112661057 | | | | | |
| CVE-2019-9302 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112661356 | | | | | |
| CVE-2019-9301 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112663384 | | | | | |
| CVE-2019-9300 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112661610 | | | | | |
| CVE-2019-9299 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112663886 | | | | | |
| CVE-2019-9298 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112892194 | | | | | |
| CVE-2019-9297 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112890242 | | | | | |
| CVE-2019-9278 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112537774 | | | | | |
| CVE-2019-9262 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In MPEG4Extractor, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111792351 | | | | | |
| CVE-2019-9257 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-113572342 | | | | | |
| CVE-2019-9256 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In libmediaextractor, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111921829 | | | | | |
| CVE-2019-9210 | 4 Advancemame, Canonical, Debian and 1 more | 4 Advancecomp, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.) | | | | | |
| CVE-2019-9139 | 1 Datools | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier versions have an integer overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this to achieve arbitrary code execution. | | | | | |
| CVE-2019-9138 | 1 Datools | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier versions have an integer overflow vulnerability, triggered when the user opens a malformed PhotoShop file that is mishandled by Daview.exe. Attackers could exploit this to achieve arbitrary code execution. | | | | | |
| CVE-2019-9137 | 1 Hmtalk | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier versions have an integer overflow vulnerability, triggered when the user opens a malformed Image file that is mishandled by Daview.exe. Attackers could exploit this to achieve arbitrary code execution. | | | | | |
| CVE-2019-9133 | 3 Fedoraproject, Kmplayer, Microsoft | 3 Fedora, Kmplayer, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| When processing a subtitle-format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to an integer underflow and then to an out-of-bounds memory read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. | | | | | |
| CVE-2019-9112 | 1 Micode | 1 Xiaomi Perseus-p-oss | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count argument in _sde_debugfs_conn_cmd_tx_write in drivers/gpu/drm/msm/sde/sde_connector.c. This is exploitable for a device crash via a syscall by a crafted application on a rooted device. | | | | | |
| CVE-2019-9111 | 1 Micode | 1 Xiaomi Perseus-p-oss | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count argument in sde_evtlog_filter_write in drivers/gpu/drm/msm/sde_dbg.c. This is exploitable for a device crash via a syscall by a crafted application on a rooted device. | | | | | |
| CVE-2019-9098 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS. | | | | | |
| CVE-2019-8601 | 1 Apple | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | | | | | |
| CVE-2019-8355 | 1 Sound Exchange Project | 1 Sound Exchange | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c. | | | | | |
| CVE-2019-8354 | 3 Canonical, Debian, Sound Exchange Project | 3 Ubuntu Linux, Debian Linux, Sound Exchange | 2024-11-21 | 4.3 MEDIUM | 5.0 MEDIUM |
| An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. | | | | | |
| CVE-2019-8101 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure. | | | | | |